To subscribe to the full daily report, send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body: subscribe.
To obtain a complete copy of the current report, proceed to the DHS link below.
To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

Wednesday, May 2, 2007

Daily Highlights

· A new video on YouTube shows the discovery of individuals' social security numbers, bank account balances and numbers, and other sensitive information in trash bags outside JPMorgan Chase Bank branches in New York City. (See item 11)

· The San Francisco Chronicle reports the day after a fiery gasoline truck accident destroyed key ramps in the MacArthur Maze interchange, security analysts and truck drivers weighed the scope of damage a deliberate terrorist attack using tankers could cause U.S. metropolises and highways. (See item 13)

· The Department of Agriculture and the Food and Drug Administration have learned that byproducts from pet food manufactured with contaminated wheat gluten imported from China have been used in chicken feed on some farms in the state of Indiana. (See item 20)

Information Technology and Telecommunications Sector

35. May 01, SC Magazine— Flaw in Winamp MP4 processing disclosed. A hacker posted exploit code for a then-unknown vulnerability in the Winamp media player to the Milw0rm site on Monday, April 30. The flaw, which vendor eEye Digital Security ranked as "high" severity, allows an attacker to execute arbitrary code from a remote location, possibly taking full control of a system. Winamp, created by Nullsoft, is owned by AOL. The company said today that it is working to fix the flaw. The flaw exists in Winamp version 5.34, according to eEye. Secunia, which released an advisory for the vulnerability today, urged users to not open untrusted MP4 files and ranked the flaw as "highly critical."
Secunia advisory: http://secunia.com/advisories/25089/
eEye Digital Security: http://research.eeye.com/html/alerts/zeroday/20070430.html
Source: http://scmagazine.com/us/news/article/654194/flaw-winamp-mp4-processing-disclosed/

36. April 30, Government Computer News— NIST issues RFID guidelines. The National Institute of Standards and Technology (NIST) last week issued guidelines and a set of best practices for the use of radio frequency technology by federal agencies, as well as private corporations. NIST said entities deploying RFID technologies need to consider any security or privacy risks that could arise and should minimize those risks by following a list of best practices developed for RFID users. The guidelines focus specifically on the use of RFID technologies for asset management, tracking, matching and process and supply chain control. While RFID offers the potential for organizations to improve their logistics, reduce expenses and increase safety, it also entails the risk of eavesdropping and unauthorized use, according to NIST, an organization within the Commerce Department.
Guidelines for Securing Radio Frequency Identification Systems: http://csrc.nist.gov/publications/nistpubs/800-98/SP800-98_RFID-2007.pdf
Source: http://www.gcn.com/online/vol1_no1/43601-1.html

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"